MSE For Vista Now Shows XP Nag Screens


Jody Thornton


On 7/23/2019 at 9:06 PM, Vistapocalypse said:

Have you even tested your real-time protection at AMTSO? I am now using a third-party antivirus because there is more to online security than getting pretty green colors in your 6-year-old MSE client.

Now that MSE 4.4 is seven years old, an opposing viewpoint on the importance of green colors comes along. :huh:



8 hours ago, VistaLover said:

First thing I want to say is that I agree with @Vistapocalypse that your query ("How to get MSE running on XP SP3 in August 2020") does NOT belong in this thread... :no:

But having seen your failed attempts at this endeavour being spread at various places in the MSFN forums, let me "put you out of your misery" ( ;) ) by offering you an abridged version of the story of MSE on XP (more detail can be found towards the last pages of the relevant thread linked to by @Vistapocalypse ) :

1. M$ continued to offer definition updates for MSE/WD on XP SP3 automatically through Windows Update  for approximately two years after the OS was EoS'ed !
 This fact alone upsets me tremendously to this day because we, Vista users, were not offered a single day of additional support by MS with regards to MSE! (the very last version of the app compatible with Vista contains a trigger/time-bomb that completely locks it after the OS EoS date! :realmad: ) ; we're seeing the same thing again with EoS'ed Win7 SP1, which continues to receive MSE defs via WU! :angry:

2. When WU stopped offering MSE defs on XP, updated defs had to be manually downloaded from MS's Security Portal
https://www.microsoft.com/en-us/wdsi/defenderupdates
and applied by the user. Community enthusiasts and an esteemed member here in MSFN created automation for that procedure, so XP users were kept happy for a while longer...

3. Before I proceed with the story telling, let us focus on the offline defs file itself, mpam-fe.exe ; this is comprised of 6 constituents (you can extract the .exe with 7-zip)

mpasbase.vdm
mpasdlta.vdm
mpavbase.vdm
mpavdlta.vdm
mpengine.dll
MpSigStub.exe

ALL these files are digitally code-signed by MS against MS root certificates and are verified by the OS that they haven't been tampered with before they are allowed to be applied/update MSE; any attempt to modify these files renders them invalid; but more of that later...

.vdm files contain the actual antispyware/antivirus definitions, either in full (mpasbase.vdm, mpavbase.vdm) or delta (differential) formats (mpasdlta.vdm, mpavdlta.vdm); mpengine.dll is the most important constituent, i.e. the AV engine inside MSE which does get updated from time-to-time (and partly mitigates the fact that MSE itself hasn't been updated for quite a long while now... :angry:) .

4. With a specific mpengine.dll update, M$ dropped a nuclear weapon on WinXP users of MSE, because the updated DLL contained new functions not found under XP, only under Vista+ (thankfully for us Vista users.. :whistle:.)
You can probe yourself the mpengine.dll file under XP with Dependency Walker... 
Hence, newer/updated versions of mpam-fe.exe would not succeed in installing, after that failure MSE would revert to the last working defs+engine.

5. MSE on XP was then stuck with a stale version of engine+definitions and, as time went on, started nagging about that fact... As with all signature-based antimalware solutions, the software itself becomes ineffective at protecting you from the ever evolving online threats...

6. A desperate solution was given some consideration, that is using the last compatible mpengine.dll file coupled with updated .vdm files (extracted from an updated version of mpam-fe.exe), but this was actually "a hole in the water" kind of thing, because updated .vdm files also demand an updated engine to work, i.e. both are interlinked!

7. So here we are now: MSE on XP dead and buried! :(

8. In the following months, M$ introduced further changes to the defs installer, mpam-fe.exe:
8a : The "Subsystem version" value in the PE header was raised to 6.0 (Vista+); this is the main reason you get the

"is not a valid Win32 application"

error on trying to launch it; lowering that SubSysVer to 5.1 (XP) will accomplish NOTHING, because of two reasons: one is the incompatibility of the mpengine.dll with XP's kernel, discussed in 4 above; the other reason is:

8b: Starting on the weekend of 19/20 Oct 2019, the standalone mpam-fe.exe file as well as all of its constituent files are ONLY being code-signed with a SHA-2 digest algorithm; no matter what you do, you can't get SHA-2 support under XP (and on Vista SP2 you must install select WS2008SP2 updates, as I'm sure you know by now...). 

Do you now see why this quest of yours is totally futile? Please, lay it to rest... :}

As for some other points you made, M$ don't keep/offer an archive of deprecated mpam-fe.exe versions; in all honesty, what good would that be to anyone, security-wise?

In a total hypothetic scenario, you would need first an XP Extended Kernel solution that will restore XP compatibility to mpengine.dll , plus backporting SHA-2 code-signing support to XP; I've seen stranger things happen, but you shouldn't hold your breath on both of these... :(

For the benefit of the whole community, I have re-uploaded that at below link:

http://s000.tinyupload.com/index.php?file_id=60954865039051356545

(included is a custom batch file; place the modified PE inside FixPEC folder and run .cmd; as with everything downloaded from the internet, please first scan with a reputed AV software; I can assure you the file that was uploaded by yours truly was safe...)

Thanks, @VistaLover - this really clears a lot of things up, even though I did manage to get somewhere at last.

Eventually, I figured out that mpam-fe.exe was no longer compatible with XP as you said and my attempts to extract MpSigStub and all that failed as well. I ended up finding the last compatible mpam-fe.exe (~475 days old now) and running that. Old, but better than nothing. I'm not kidding myself that this is adequate for XP, but it's better than nothing, I figured. Now, my MSE is yellow instead of red - sometimes, it's even green!

No issues at all on Vista. I have 4.4.304 there and manually running the definition worked well.
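To illustrate point 8a of the quoted post (an added example, not code from anyone in this thread): a Python sketch that reads the subsystem version fields from a PE optional header and compares them with an OS version, which is the check behind the "is not a valid Win32 application" error. The function names and the header-only sample image are constructed for this example.

```python
import struct
import sys

# Windows versions named in the thread, as (major, minor).
WINDOWS_XP = (5, 1)
WINDOWS_VISTA = (6, 0)
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B


def subsystem_version(image: bytes) -> tuple:
    """Return (MajorSubsystemVersion, MinorSubsystemVersion) of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF header
    if opt + 52 > len(image):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # Both fields sit at offsets 48 and 50 in PE32 and PE32+ alike.
    return struct.unpack_from("<HH", image, opt + 48)


def loader_accepts(image: bytes, os_version: tuple) -> bool:
    """True when the required subsystem version does not exceed the OS version."""
    return subsystem_version(image) <= os_version


def make_sample_pe(major: int, minor: int, pe32_plus: bool = False) -> bytes:
    """Constructed header-only image, just enough for the parser above."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32_plus else 224
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_PLUS_MAGIC if pe32_plus else PE32_MAGIC)
    struct.pack_into("<HH", opt, 48, major, minor)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(4096)
    else:
        data = make_sample_pe(6, 0)
    print("subsystem version:", subsystem_version(data))
    print("accepted on XP:", loader_accepts(data, WINDOWS_XP))
    print("accepted on Vista:", loader_accepts(data, WINDOWS_VISTA))
```

Reading the field is only a diagnostic: as the quoted post explains, lowering it does not make the installer usable on XP, and any modification invalidates the file's code signature.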


4 hours ago, Vistapocalypse said:

Now that MSE 4.4 is seven years old, an opposing viewpoint on the importance of green colors comes along. :huh:

As Ben said, it's purely cosmetic. I know it's not adequate; I just wanted to do it because I can. I don't run any antivirus at all on Windows 2000 and haven't had any issues, so XP + MSE seems like a decent combo to me. I'll never be able to update MSE again, so why be updated with its colors? ;)

I thought Windows 10 Defender was annoying, but I was on Vista the other day and extracted a 7Z file from MSFN and MSE 4.4.304 promptly removed the files.... guess it's trying to send me a message :D


@Dylan Cruz

Mse is not working on my vista system today 9th August. It was fine yesterday. Gives a message that it cannot install the definition update.

Perhaps MS have nobbled it.

 

Edited by SIW2

5 hours ago, SIW2 said:

Mse is not working on my vista system today 9th August. It was fine yesterday. Gives a message that it cannot install the definition update.

Perhaps MS have nobbled it.

That’s interesting. Assuming there is no issue with the latest MSE version (“only” 4 years old) on Windows 7 (and a hasty search found no reports), then M$ is of course the logical suspect. I’m sure you have SHA-2 support installed, so that’s not the issue. I wonder if Server 2008 SP2 (which MSE did not officially support) is also affected.

If someone had asked me in 2016 what antivirus to use for Vista, I would’ve recommended MSE without hesitation. (My first post as an MSFN member was on page 1 of this very thread.) It’s sad that subsequent developments forced me to become an MSE naysayer. :(


Yeah, 80244019 is the same error code as updates for Vista itself (e.g. here). Oh well, at least M$ has spared me from arguing that AMTSO test results were shockingly bad (which often fell on deaf ears). Almost everyone understands the importance of definition updates, so this should settle the question: barring some sort of miracle, MSE is dead on Vista. :( Edit: But I may have spoken too soon.

Edited by Vistapocalypse

14 hours ago, SIW2 said:

Mse is not working on my vista system today, 9th August.
It was fine yesterday.
Gives a message that it cannot install the definition update.

Hi @SIW2 :P

When I first quickly read your post as an e-mail notification, I must have got it wrong :lol:, believing that the "is not working" bit meant that the whole app itself somehow stopped working :(; this doesn't seem to be the case, most fortunately!

The "it cannot install the definition update." bit I believed it to mean that the MANUALLY downloaded "offline" standalone defs updater, file mpam-fe.exe, ceased being able to be run/installed; that doesn't seem to be the case, either...

By "It was fine yesterday" do you actually mean that before August 9th, 2020, MSE on your Vista SP2 install was able to (automatically/manually) fetch and install updated MSE definitions via Microsoft/Windows Update (that's what the big "Update" button does, it searches MU)? If affirmative, that would be the first such mention... On my own system, MS/WU quit fetching anything in mid-July of last year, and that included Windows Defender (WD) defs updates... Installing SHA-2 code-signing support to the system, alas, did not change things... :angry:

You obviously have SHA-2 code-signing support installed, if you were able to get current (prior to Aug 9th) defs updates installed; but that support augments Vista's build number to 6.0.6003, and WU (when it worked) gave it the cold shoulder; that's why I'm quite sceptical of your report.. :dubbio:

In any way, Error 0x80244019 when checking manually for defs updates in MSE is because dear M$ has shut down the WU infrastructure for Windows Vista :realmad: ; this has been reported and detailed elsewhere in the MSFN forums... (EDIT: @Vistapocalypse posted while I was in the middle of composing this message...)

The only solution is to download manually (e.g. once daily) the standalone updated definitions installer,  mpam-fe.exe, from MS's security portal:

https://www.microsoft.com/en-us/wdsi/defenderupdates

and run that file to get you up to date...

(Scroll down to the MSE section and select the bitness of installed MSE; download and run file mpam-fe.exe)

Please report back, MSE on Vista SP2 shouldn't be dead yet!

@Dylan Cruz , what is the situation there?

Edited by VistaLover

1 hour ago, VistaLover said:

Hi @SIW2 :P

When I first quickly read your post as an e-mail notification, I must have got it wrong :lol:, believing that the "is not working" bit meant that the whole app itself somehow stopped working :(; this doesn't seem to be the case, most fortunately!

The "it cannot install the definition update." bit I believed it to mean that the MANUALLY downloaded "offline" standalone defs updater, file mpam-fe.exe, ceased being able to be run/installed; that doesn't seem to be the case, either...

By "It was fine yesterday" do you actually mean that before August 9th, 2020, MSE on your Vista SP2 install was able to (automatically/manually) fetch and install updated MSE definitions via Microsoft/Windows Update (that's what the "Check for updated definitions" setting does)? If affirmative, that would be the first such mention... On my own system, MS/WU quit fetching anything in mid-July of last year, and that included Windows Defender (WD) defs updates... Installing SHA-2 code-signing support to the system, alas, did not change things... :angry:

You obviously have SHA-2 code-signing support installed, if you were able to get current (prior to Aug 9th) defs updates installed; but that support augments Vista's build number to 6.0.6003, and WU (when it worked) gave it the cold shoulder; that's why I'm quite sceptical of your report.. :dubbio:

In any way, Error 0x80244019 when checking manually for defs updates in MSE is because dear M$ has shut down the WU infrastructure for Windows Vista :realmad: ; this has been reported and detailed elsewhere in the MSFN forums... (EDIT: @Vistapocalypse posted while I was in the middle of composing this message...)

The only solution is to download manually (e.g. once daily) the standalone updated definitions installer,  mpam-fe.exe, from MS's security portal:

https://www.microsoft.com/en-us/wdsi/defenderupdates

and run that file to get you up to date...

(Scroll down to the MSE section and select the bitness of installed MSE; download and run file mpam-fe.exe)

Please report back, MSE on Vista SP2 shouldn't be dead yet!

@Dylan Cruz , what is the situation there?

I manually install the definitions, though I don't do it everyday, only now and then. I installed definitions 2 days ago so my MSE right now is still happy about that.

What's weird is Vista 64-bit definitions are now called mpas-fe.exe... typo on Microsoft's part?? It's also only half the size of the previous mpam-fe64 that I had.

I do indeed get the same error described when trying to auto-update in MSE. I haven't tried auto-updating MSE at all recently on any OS except W7 where it still works AFAIK.

This is the other link I had for definition updates, which is the one I used last time, which gives me a 107 MB mpam-feX64 for 64-bit: https://support.microsoft.com/en-us/help/971606/how-to-manually-download-the-latest-definition-updates-for-microsoft-s

It is slightly larger (about 1 MB) than the one I installed 2 days ago, which was about 106MB. Having some difficulty trying to get it to run but I've been having trouble getting pretty much everything to run lately on there so I won't give up yet. Eventually, it might work.

 

 


1 hour ago, VistaLover said:

The only solution is to download manually (e.g. once daily) the standalone updated definitions installer,  mpam-fe.exe, from MS's security portal:

https://www.microsoft.com/en-us/wdsi/defenderupdates

and run that file to get you up to date...

Please report back, MSE on Vista SP2 shouldn't be dead yet!

Yes, it does sound like SIW2 was talking about updating definitions from within the UI - something that wasn’t possible in July 2019 (at least not without SHA-2 support, which I did not have then). If manual installation is still possible, it’s worth mentioning that “do-it-yourself” methods of automation were discussed earlier in this thread. However, none of this changes my mind about the client’s lack of effectiveness.


6 minutes ago, Vistapocalypse said:

Yes, it does sound like SIW2 was talking about updating definitions from within the UI - something that wasn’t possible in July 2019 (at least not without SHA-2 support, which I did not have then). If manual installation is still possible, it’s worth mentioning that “do-it-yourself” methods of automation were discussed earlier in this thread. However, none of this changes my mind about the client’s lack of effectiveness.

I just manually installed 2 days ago so unless something has changed since then, that works great.


31 minutes ago, Dylan Cruz said:

What's weird is Vista 64-bit definitions are now called mpas-fe.exe... typo on Microsoft's part?? It's also only half the size of the previous mpam-fe64 that I had.

... You must've gotten the wrong file, then...

"mpas-fe.exe", whether 32 or 64-bit, is the standalone offline installer for updated anti-spyware (as) definitions; this file should only be used to manually update Windows Defender, Vista's native anti-spyware solution! 

"mpam-fe.exe", whether 32 or 64-bit, is the standalone offline installer for updated anti-spyware (as) + anti-malware (am) definitions; this file should only be used to manually update MSE (NB that when MSE is first installed, WD is being de-activated, so as not to conflict with MSE, which is both an anti-spyware and anti-malware solution!)

41 minutes ago, Dylan Cruz said:

This is the other link I had for definition updates, which is the one I used last time, which gives me a 107 MB mpam-feX64 for 64-bit: https://support.microsoft.com/en-us/help/971606/how-to-manually-download-the-latest-definition-updates-for-microsoft-s

It is slightly larger (about 1 MB) than the one I installed 2 days ago, which was about 106MB.

You should probably only download from the (revamped) Microsoft Security Intelligence portal:

https://www.microsoft.com/en-us/wdsi/defenderupdates


Definitions for MSE there get updated 3-5 times during the course of 24h, but probably once a day is a sane frequency to manually update... You can read the Release Notes below:

https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes

... for latest as well as the previous 19 releases...  :rolleyes:


Yes. On 8th August, it downloaded and installed the definitions by itself.

On 9th August, it refused.

The only post 2017 update installed is kb4474419.

Is it possible it downloaded the definitions, before I installed kb4474419, and only after installing kb4474419 it installed the definitions it had previously downloaded?

Maybe, because I installed mse first.

 

At some point, I will go and fetch from the link you posted and see if it will work that way.

 

 

2 hours ago, VistaLover said:

 

 

Hi @SIW2 :P

By "It was fine yesterday" do you actually mean that before August 9th, 2020, MSE on your Vista SP2 install was able to (automatically/manually) fetch and install updated MSE definitions via Microsoft/Windows Update (that's what the "Check for updated definitions" setting does)?

 

 


This is what it showed on 8th August. I didn't download the definitions myself, so mse must have.

I installed mse. Then rebooted. Not more than a few mins later, I installed the kb4474419.

Possibly it downloaded the mpam thing before I installed kb4474419. Then mse was able to install those updated defs it had already downloaded .

I don't have any other theories.

The os was freshly installed on 8th August, so there was only that one incident of mse downloading the defs.

 

mse-8-8-2020.JPG

Edited by SIW2

1 hour ago, SIW2 said:

This is what it showed on 8th August. I didn't download the definitions myself, so mse must have.

I installed mse. Then rebooted. Not more than a few mins later, I installed the kb4474419.

Possibly it downloaded the mpam thing before I installed kb4474419. Then mse was able to install those updated defs it had already downloaded .

I don't have any other theories.

The os was freshly installed on 8th August, so there was only that one incident of mse downloading the defs.

 

mse-8-8-2020.JPG

Yeah, I still haven't been able to get mpam-fe64.exe to do anything of late... this might be something weird going on actually,

I don't know what, exactly, but it's possible others with MSE are also having similar issues.

I don't actually have MSE installed on my W7, just Defender (native), and that updated its definitions fine when I told it to. Seems something Vista-related is going on.

